The old trick of using a zero-point font in a document to conceal information you do not want to be readily detected by the reader, is being exploited again in a new way.
This time it is being used to show Outlook emails as having been safely scanned when in reality they have not. A hidden safe security scan message is shown in Outlook preview, which is not visible in the actual message. The threat actors are relying on the fake safe scan message to encourage a victim to engage with the malicious phishing email.
New ZeroFont phishing tricks Outlook into showing fake AV-scans – BleepingComputer
Clive Catton MSc (Cyber Security) – by-line and other articles
